Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1e2d4f4118009d0…

MALICIOUS

PDF

5.0 KB
MD5: a3148274384cf505e41bf2da603e8024
SHA-1: df0c1089ff6f37ccf7d963ea51546250ffa0fe14
SHA-256: e1e2d4f4118009d016f27e436df1a3fa85ccb04da5670aa0a7df9920fdca5aea
76 Risk Score

Malware Insights

The PDF file contains embedded and obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged the file due to obfuscated objects. The embedded JavaScript is likely responsible for executing the malicious payload, although its specific actions cannot be determined without further analysis of the obfuscated code.

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.